ZAP INSTALL SERVER UNIX


Andrea Bettio

Oct 16, 2015, 3:48:03 AM
to OWASP ZAP User Group
Hi,

I'm trying to install ZAP on a Unix server; I have downloaded the ZAP tar.gz, executed the command tar -zxvf and then launched ./zap.sh.

I have this problem:

Found Java version 1.7.0_21
Available memory:  2010 MB
Setting jvm heap size: -Xmx512m
1 [AWT-EventQueue-0] INFO org.zaproxy.zap.GuiBootstrap  - OWASP ZAP 2.4.2 started.
80 [AWT-EventQueue-0] ERROR org.zaproxy.zap.ZAP$UncaughtExceptionLogger  - Exception in thread "AWT-EventQueue-0"
java.lang.NullPointerException
        at sun.font.FontConfigManager.getFontConfigFont(FontConfigManager.java:352)
        at sun.awt.X11FontManager.getFontConfigFUIR(X11FontManager.java:817)
        at sun.font.FontUtilities.getFontConfigFUIR(FontUtilities.java:488)
        at javax.swing.plaf.nimbus.NimbusDefaults.<init>(NimbusDefaults.java:138)
        at javax.swing.plaf.nimbus.NimbusLookAndFeel.<init>(NimbusLookAndFeel.java:100)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
        at java.lang.Class.newInstance0(Class.java:374)
        at java.lang.Class.newInstance(Class.java:327)
        at javax.swing.UIManager.setLookAndFeel(UIManager.java:580)
        at org.zaproxy.zap.GuiBootstrap.setupLookAndFeel(Unknown Source)
        at org.zaproxy.zap.GuiBootstrap.startImpl(Unknown Source)
        at org.zaproxy.zap.GuiBootstrap.access$000(Unknown Source)
        at org.zaproxy.zap.GuiBootstrap$1.run(Unknown Source)
        at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:251)
        at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:727)
        at java.awt.EventQueue.access$200(EventQueue.java:103)
        at java.awt.EventQueue$3.run(EventQueue.java:688)
        at java.awt.EventQueue$3.run(EventQueue.java:686)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:697)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:242)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:161)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:150)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:146)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:138)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:91)

Can you help me?

Thanks

Simon Bennetts

Oct 16, 2015, 4:05:30 AM
to OWASP ZAP User Group
Does ZAP still work?
I think I've seen this occasionally but it hasn't actually broken anything as far as I recall.

Cheers,

Simon

Andrea Bettio

Oct 16, 2015, 4:20:13 AM
to OWASP ZAP User Group
If I install it on Windows, ZAP is OK.

Simon Bennetts

Oct 16, 2015, 4:27:21 AM
to OWASP ZAP User Group
So this error prevents ZAP from working on Unix?
Exactly which OS variant are you using (eg Ubuntu / Redhat /...) and which version?
And which Java are you using?

I'm guessing from the stack trace that the "Nimbus" look and feel isn't available.
The code is written to handle exceptions like UnsupportedLookAndFeelException but maybe it's not quite defensive enough :/

Cheers,

Simon

thc...@gmail.com

Oct 16, 2015, 4:33:25 AM
to zaprox...@googlegroups.com
Maybe the server is headless? If so, ZAP should be started in daemon
mode. [1]


[1] https://github.com/zaproxy/zap-core-help/wiki/HelpCmdline

Best regards.

Andrea Bettio

Oct 16, 2015, 4:39:27 AM
to OWASP ZAP User Group
The ZAP process does not run.

Java version 1.7.0_21
Red Hat Enterprise Linux Server release 5.6 (Tikanga)

Simon Bennetts

Oct 16, 2015, 4:45:56 AM
to OWASP ZAP User Group
Is the server headless?
And which java implementation are you using - Oracle or OpenJDK ?

Cheers,

Simon

Andrea Bettio

Oct 16, 2015, 4:57:35 AM
to OWASP ZAP User Group
With the daemon option it runs, thanks!

But now the process has been stopped for 5 minutes at this line:

 [Thread-5] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL  - Creating new root CA

Why?

Simon Bennetts

Oct 16, 2015, 5:00:01 AM
to OWASP ZAP User Group
It probably hasn't stopped, that's just the last message logged.
If you use the -daemon flag then you won't get a UI - it's headless :)

Try to proxy through it and / or point your browser at the host:port it's listening on.

Cheers,

Simon

Andrea Bettio

Oct 16, 2015, 11:32:47 AM
to OWASP ZAP User Group
OK, the process is started, but if I call it by URL <hostname>:50000 it doesn't answer.

./zap.sh -daemon -port 50000 -config script.scripts.name="test" -config script.scripts.engine="Oracle Nashorn" -config script.scripts.type=proxy -config script.scripts.enabled=true -config script.scripts.file="/scrpti/test.js"

Andrea Bettio

Oct 16, 2015, 11:35:23 AM
to OWASP ZAP User Group
0 [main] INFO org.zaproxy.zap.DaemonBootstrap  - OWASP ZAP 2.4.2 started.
829 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache open start
841 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache open end
1536 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config script.scripts.name = test was test
1537 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config script.scripts.file = /scripti/test.js
1537 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config script.scripts.enabled = true was true
1537 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config script.scripts.engine = Oracle Nashorn was Oracle Nashorn
1538 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config script.scripts.type = proxy was proxy
1540 [main] INFO org.parosproxy.paros.network.SSLConnector  - Reading supported SSL/TLS protocols...
1541 [main] INFO org.parosproxy.paros.network.SSLConnector  - Using a SSLEngine...
1961 [main] INFO org.parosproxy.paros.network.SSLConnector  - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
1964 [main] INFO org.parosproxy.paros.extension.option.OptionsParamCertificate  - Unsafe SSL renegotiation disabled.
1983 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory  - Loading extensions
3719 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory  - Extensions loaded
4290 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Change user agent to other browsers.
4290 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Detect insecure or potentially malicious content in HTTP responses.
4290 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Detect and alert 'Set-cookie' attempt in HTTP response for modification.
4291 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Avoid browser cache (strip off IfModifiedSince)
4291 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Log cookies sent by browser.
4291 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Log unique GET queries into file:filter/get.xls
4294 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Log unique POST queries into file:  filter/post.xls
4294 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Log request and response into file: filter/message.txt
4294 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Replace HTTP request body using defined pattern.
4294 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Replace HTTP request header using defined pattern.
4294 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Replace HTTP response body using defined pattern.
4295 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Replace HTTP response header using defined pattern.
4295 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Send ZAP session request ID
4556 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionViewOption
4558 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionEdit
4558 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionFilter
4558 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides a rest based API for controlling and accessing ZAP
4708 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionState
4709 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHistory
4711 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Show hidden fields and enable disabled fields
4712 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Search messages for strings and regular expressions
4713 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Encode/Decode/Hash...
4714 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to intercept and modify requests and responses
4714 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive scanner
4784 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Script passive scan rules
4784 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Application Error Disclosure
4784 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set
4785 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Content-Type Header Missing
4785 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie No HttpOnly Flag
4785 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie Without Secure Flag
4786 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
4786 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Web Browser XSS Protection Not Enabled
4786 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Secure Pages Include Mixed Content
4787 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Password Autocomplete in Browser
4787 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Private IP Disclosure
4787 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Session ID in URL Rewrite
4788 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Content-Type-Options Header Missing
4788 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Frame-Options Header Not Set
4895 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to view and manage alerts
4896 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added
4946 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Spider used for automatically finding URIs on a site
4952 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing A set of common popup menus for miscellaneous tasks
4953 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool
4954 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionManualRequest
4954 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows ZAP to check for updates
4955 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Compares 2 sessions and generates an HTML file showing the differences
4955 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Invoke external applications passing context related information such as URLs and parameters
4956 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Handles anti cross site request forgery (CSRF) tokens
4957 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionAuthentication
6083 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication  - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication]
6084 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Creates a dynamic SSL certificate to allow SSL communications to be intercepted without warnings being generated by the browser
6084 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Logs errors to the Output tab in development mode only
6084 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionUserManagement
6085 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Summarise and analyse FORM and URL parameters as well as cookies
6086 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Script integration
6097 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Scripting console, supports all JSR 223 scripting languages
6097 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionForcedUser
6098 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Extension handling HTTP sessions
6099 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Zest is a specialized scripting language from Mozilla specifically designed to be used in security tools
6256 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionDiff
6256 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionRequestPostTableView
6256 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Simple browser configuration
6257 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionSessionManagement
6401 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement  - Loaded session management method types: [Cookie-based Session Management, Http Authentication Session Management]
6402 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelRequestFormTableView
6403 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Capture messages from WebSockets with the ability to set breakpoints.
6407 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Summarise and analyse FORM and URL parameters as well as cookies
6407 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionAuthorization
6408 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing AJAX Spider, uses Crawljax
6410 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Handles adding Global Excluded URLs
6411 [ZAP-daemon] WARN org.zaproxy.zap.extension.globalexcludeurl.ExtensionGlobalExcludeURL  - GlobalExcludeURL.optionsLoaded()
6411 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds menu item to refresh the Sites tree
6411 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus.
6411 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing OWASP ZAP User guide
6412 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionReport
6412 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to configure which extensions are loaded when ZAP starts
6412 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelComponentonentAll
6412 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelHexView
6412 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelImageView
6412 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelLargeRequestView
6413 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelLargeResponseView
6413 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelRequestQueryCookieTableView
6413 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelSyntaxHighlightTextView
6414 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active Scan Rules
6414 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
6415 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Translations of the core language files
6415 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing The Online menu links
6415 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
6417 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows to fuzz HTTP messages.
6418 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Tips and Tricks
6418 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing The ZAP Getting Started Guide
6418 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionSaveRawHttpMessage
6419 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Quick Start panel
6419 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive Scan Rules
6435 [Thread-4] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL  - Creating new root CA

thc...@gmail.com

Oct 16, 2015, 11:58:48 AM
to zaprox...@googlegroups.com
Are you accessing the ZAP API from the same machine where ZAP is running?
ZAP defaults to listen just on "localhost" addresses.
If you're accessing the ZAP API from another machine you should set ZAP to
listen on the exposed interface (or all of them).

Best regards.

Andrea Bettio

Oct 19, 2015, 2:37:16 AM
to OWASP ZAP User Group
No, I call ZAP from another machine. Can I set this? But the problem is that I don't always know the URL the machine calls.

thc...@gmail.com

Oct 19, 2015, 2:57:48 AM
to zaprox...@googlegroups.com
You can set ZAP to listen on all interfaces, for example, with command
line argument "-host":
-host ""

Would that help?

Best regards.


Andrea Bettio

Oct 19, 2015, 3:53:08 AM
to OWASP ZAP User Group
Thanks! Now ZAP answers. I want to load the script that runs in the OWASP ZAP GUI (Windows installer); in the run script I have added this:
-config script.scripts.name="test" -config script.scripts.engine="Oracle Nashorn" -config script.scripts.type=proxy -config script.scripts.enabled=true -config script.scripts.file="/app/nets/ZAP_2.4.2/scripts/test.js"

Is that enough?

Simon Bennetts

Oct 19, 2015, 3:57:25 AM
to OWASP ZAP User Group

Andrea Bettio

Oct 19, 2015, 4:01:57 AM
to OWASP ZAP User Group
OK, I answer because the script does not work. The script works only in the OWASP ZAP GUI :-(

Simon Bennetts

Oct 19, 2015, 4:06:34 AM
to OWASP ZAP User Group
Can you give us some more info? :)
What are you expecting to see?
What do you actually see?

I'm working on telepathy, but so far I've not had much luck :P

Cheers,

Simon

Andrea Bettio

Oct 19, 2015, 6:23:12 AM
to OWASP ZAP User Group
Ahahah...
This is the log in ZAP when I call the URL:
257983 [ZAP-ProxyThread-151] INFO org.zaproxy.zap.extension.httpsessions.HttpSessionsSite  - Created a new session as no match was found: HttpSession [name=Session 7, active=false, tokenValues='']

How do I check whether the scripts are correctly loaded?

Thanks,
Andrea

thc...@gmail.com

Oct 19, 2015, 9:09:04 AM
to zaprox...@googlegroups.com
That log entry is normal.

Through the ZAP API you can use the view "listScripts" of "script" API,
for example:
http://<address>:<port>/HTML/script/view/listScripts

It is worth noting the "enabled" and "error" states of the script. If the
script is not shown it means it was not loaded (but in that case a
message would be logged with ERROR level).

Best regards.

Andrea Bettio

Oct 19, 2015, 9:22:46 AM
to OWASP ZAP User Group
Ok, thanks.

The view is ok:
engine       Oracle Nashorn
name         test
description  null
type         proxy
error        false
enabled      true

Now, I need to know how it is possible that the same script works in the GUI (Windows installer) and does not work on Unix.

Thanks a lot,

Andrea

thc...@gmail.com

Oct 19, 2015, 9:38:10 AM
to zaprox...@googlegroups.com
Did you check the "listScripts" after proxying a request?
If after, then the script should already be running, since it's enabled
and there are no errors.

Are you sure the proxy script is not working?
Could you provide more details on what the script is doing? Or, what ZAP
features does it use?

Best regards.

Andrea Bettio

Oct 20, 2015, 3:39:01 AM
to OWASP ZAP User Group
OK, before the call the script status is enabled.

After, the script is:

enabled      false
error        true
engine       Oracle Nashorn
description  null
name         Test
lastError
type         proxy

Now I can check the script.

Andrea

Simon Bennetts

Oct 20, 2015, 3:47:26 AM
to OWASP ZAP User Group
That implies that there was an error in the script.
If an error occurs when the script is run then it is disabled.

Are there any errors in the zap.log file?

Cheers,

Simon
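Added example, not part of the original thread and not ZAP's own code: the "listScripts" check suggested earlier and the disable-on-error behaviour described in the reply above, turned into a before/after comparison that tells a script that never loaded apart from one that loaded and was disabled on its first run. It assumes the JSON form of the same view (`/JSON/script/view/listScripts`), an optional `apikey` query parameter, and a response shape of `{"listScripts": [...]}` with string booleans; the two snapshots are constructed from the values posted in this thread, and the function names are hypothetical.

```python
import json
import urllib.parse
import urllib.request


def fetch_list_scripts(address, port, apikey=None, timeout=10):
    """Query a running ZAP for the script/view/listScripts view as JSON.

    Assumption: same view as the HTML URL in the thread, JSON format.
    """
    url = "http://%s:%d/JSON/script/view/listScripts/" % (address, port)
    if apikey:
        url += "?" + urllib.parse.urlencode({"apikey": apikey})
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def as_bool(value):
    """Accept real booleans as well as the strings "true"/"false"."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def index_scripts(listing):
    """Map script name -> normalised state from a listScripts response."""
    scripts = {}
    for entry in listing.get("listScripts", []):
        scripts[entry["name"]] = {
            "type": entry.get("type", ""),
            "engine": entry.get("engine", ""),
            "enabled": as_bool(entry.get("enabled", False)),
            "error": as_bool(entry.get("error", False)),
            "lastError": entry.get("lastError", "") or "",
        }
    return scripts


def diagnose(expected_names, before, after):
    """Classify each expected script from two snapshots.

    before: listScripts taken right after start-up.
    after:  listScripts taken after at least one request was proxied.
    """
    pre, post = index_scripts(before), index_scripts(after)
    report = {}
    for name in expected_names:
        if name not in post:
            # Not listed at all: the -config entries did not load it,
            # so look for an ERROR line in zap.log.
            report[name] = "not-loaded"
        elif post[name]["error"] and not post[name]["enabled"]:
            # Loaded fine, then failed when it ran and was disabled.
            was_enabled = name in pre and pre[name]["enabled"]
            report[name] = ("disabled-by-runtime-error" if was_enabled
                            else "disabled-with-error")
        elif not post[name]["enabled"]:
            report[name] = "disabled"
        else:
            report[name] = "running"
    return report


# Constructed snapshots mirroring the two listings posted in the thread.
BEFORE = json.loads("""{"listScripts": [
  {"name": "test", "type": "proxy", "engine": "Oracle Nashorn",
   "description": "", "error": "false", "enabled": "true"}]}""")
AFTER = json.loads("""{"listScripts": [
  {"name": "test", "type": "proxy", "engine": "Oracle Nashorn",
   "description": "", "error": "true", "enabled": "false",
   "lastError": ""}]}""")

if __name__ == "__main__":
    for script, state in diagnose(["test"], BEFORE, AFTER).items():
        print("%s: %s" % (script, state))
```

Script names are compared case-sensitively, so pass the name exactly as it appears in the listing.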

Andrea Bettio

Oct 20, 2015, 4:57:26 AM
to OWASP ZAP User Group
Zap.log

2015-10-20 09:21:22,827 [main ] INFO  DaemonBootstrap - OWASP ZAP 2.4.2 started.
2015-10-20 09:21:23,554 [main ] INFO  ENGINE - dataFileCache open start
2015-10-20 09:21:23,566 [main ] INFO  ENGINE - dataFileCache open end
2015-10-20 09:21:24,195 [main ] INFO  AbstractParam - Setting config script.scripts.name = F5_base was F5_base
2015-10-20 09:21:24,196 [main ] INFO  AbstractParam - Setting config script.scripts.file = /app/nets/ZAP_2.4.2/scripts/F5_base.js was /app/nets/ZAP_2.4.2/scripts/F5_base.js
2015-10-20 09:21:24,196 [main ] INFO  AbstractParam - Setting config script.scripts.enabled = true was true
2015-10-20 09:21:24,197 [main ] INFO  AbstractParam - Setting config script.scripts.engine = Oracle Nashorn was Oracle Nashorn
2015-10-20 09:21:24,197 [main ] INFO  AbstractParam - Setting config script.scripts.type = proxy was proxy
2015-10-20 09:21:24,200 [main ] INFO  SSLConnector - Reading supported SSL/TLS protocols...
2015-10-20 09:21:24,200 [main ] INFO  SSLConnector - Using a SSLEngine...
2015-10-20 09:21:24,622 [main ] INFO  SSLConnector - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
2015-10-20 09:21:24,624 [main ] INFO  OptionsParamCertificate - Unsafe SSL renegotiation disabled.
2015-10-20 09:21:24,644 [ZAP-daemon] INFO  ExtensionFactory - Loading extensions
2015-10-20 09:21:26,100 [ZAP-daemon] INFO  ExtensionFactory - Extensions loaded
2015-10-20 09:21:26,656 [ZAP-daemon] INFO  FilterFactory - loaded filter Change user agent to other browsers. 
2015-10-20 09:21:26,657 [ZAP-daemon] INFO  FilterFactory - loaded filter Detect insecure or potentially malicious content in HTTP responses.
2015-10-20 09:21:26,657 [ZAP-daemon] INFO  FilterFactory - loaded filter Detect and alert 'Set-cookie' attempt in HTTP response for modification.
2015-10-20 09:21:26,657 [ZAP-daemon] INFO  FilterFactory - loaded filter Avoid browser cache (strip off IfModifiedSince)
2015-10-20 09:21:26,657 [ZAP-daemon] INFO  FilterFactory - loaded filter Log cookies sent by browser.
2015-10-20 09:21:26,657 [ZAP-daemon] INFO  FilterFactory - loaded filter Log unique GET queries into file:filter/get.xls
2015-10-20 09:21:26,658 [ZAP-daemon] INFO  FilterFactory - loaded filter Log unique POST queries into file:  filter/post.xls
2015-10-20 09:21:26,658 [ZAP-daemon] INFO  FilterFactory - loaded filter Log request and response into file: filter/message.txt
2015-10-20 09:21:26,658 [ZAP-daemon] INFO  FilterFactory - loaded filter Replace HTTP request body using defined pattern.
2015-10-20 09:21:26,658 [ZAP-daemon] INFO  FilterFactory - loaded filter Replace HTTP request header using defined pattern.
2015-10-20 09:21:26,658 [ZAP-daemon] INFO  FilterFactory - loaded filter Replace HTTP response body using defined pattern.
2015-10-20 09:21:26,658 [ZAP-daemon] INFO  FilterFactory - loaded filter Replace HTTP response header using defined pattern.
2015-10-20 09:21:26,659 [ZAP-daemon] INFO  FilterFactory - loaded filter Send ZAP session request ID
2015-10-20 09:21:26,880 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionViewOption
2015-10-20 09:21:26,882 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionEdit
2015-10-20 09:21:26,882 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionFilter
2015-10-20 09:21:26,882 [ZAP-daemon] INFO  ExtensionLoader - Initializing Provides a rest based API for controlling and accessing ZAP
2015-10-20 09:21:27,006 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionState
2015-10-20 09:21:27,007 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionHistory
2015-10-20 09:21:27,009 [ZAP-daemon] INFO  ExtensionLoader - Initializing Show hidden fields and enable disabled fields
2015-10-20 09:21:27,010 [ZAP-daemon] INFO  ExtensionLoader - Initializing Search messages for strings and regular expressions 
2015-10-20 09:21:27,011 [ZAP-daemon] INFO  ExtensionLoader - Initializing Encode/Decode/Hash...
2015-10-20 09:21:27,011 [ZAP-daemon] INFO  ExtensionLoader - Initializing Allows you to intercept and modify requests and responses
2015-10-20 09:21:27,017 [ZAP-daemon] INFO  ExtensionLoader - Initializing Passive scanner
2015-10-20 09:21:27,076 [ZAP-daemon] INFO  ExtensionPassiveScan - loaded passive scan rule: Script passive scan rules
2015-10-20 09:21:27,077 [ZAP-daemon] INFO  ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure
2015-10-20 09:21:27,077 [ZAP-daemon] INFO  ExtensionPassiveScan - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set
2015-10-20 09:21:27,077 [ZAP-daemon] INFO  ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing
2015-10-20 09:21:27,077 [ZAP-daemon] INFO  ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag
2015-10-20 09:21:27,078 [ZAP-daemon] INFO  ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag
2015-10-20 09:21:27,078 [ZAP-daemon] INFO  ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
2015-10-20 09:21:27,078 [ZAP-daemon] INFO  ExtensionPassiveScan - loaded passive scan rule: Web Browser XSS Protection Not Enabled
2015-10-20 09:21:27,079 [ZAP-daemon] INFO  ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content
2015-10-20 09:21:27,079 [ZAP-daemon] INFO  ExtensionPassiveScan - loaded passive scan rule: Password Autocomplete in Browser
2015-10-20 09:21:27,079 [ZAP-daemon] INFO  ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure
2015-10-20 09:21:27,080 [ZAP-daemon] INFO  ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite
2015-10-20 09:21:27,080 [ZAP-daemon] INFO  ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing
2015-10-20 09:21:27,080 [ZAP-daemon] INFO  ExtensionPassiveScan - loaded passive scan rule: X-Frame-Options Header Not Set
2015-10-20 09:21:27,182 [ZAP-daemon] INFO  ExtensionLoader - Initializing Allows you to view and manage alerts
2015-10-20 09:21:27,183 [ZAP-daemon] INFO  ExtensionLoader - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added
2015-10-20 09:21:27,232 [ZAP-daemon] INFO  ExtensionLoader - Initializing Spider used for automatically finding URIs on a site
2015-10-20 09:21:27,237 [ZAP-daemon] INFO  ExtensionLoader - Initializing A set of common popup menus for miscellaneous tasks
2015-10-20 09:21:27,237 [ZAP-daemon] INFO  ExtensionLoader - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool
2015-10-20 09:21:27,238 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionManualRequest
2015-10-20 09:21:27,239 [ZAP-daemon] INFO  ExtensionLoader - Initializing Allows ZAP to check for updates
2015-10-20 09:21:27,239 [ZAP-daemon] INFO  ExtensionLoader - Initializing Compares 2 sessions and generates an HTML file showing the differences
2015-10-20 09:21:27,240 [ZAP-daemon] INFO  ExtensionLoader - Initializing Invoke external applications passing context related information such as URLs and parameters
2015-10-20 09:21:27,241 [ZAP-daemon] INFO  ExtensionLoader - Initializing Handles anti cross site request forgery (CSRF) tokens
2015-10-20 09:21:27,242 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionAuthentication
2015-10-20 09:21:28,319 [ZAP-daemon] INFO  ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication]
2015-10-20 09:21:28,320 [ZAP-daemon] INFO  ExtensionLoader - Initializing Creates a dynamic SSL certificate to allow SSL communications to be intercepted without warnings being generated by the browser
2015-10-20 09:21:28,354 [ZAP-daemon] INFO  ExtensionLoader - Initializing Logs errors to the Output tab in development mode only
2015-10-20 09:21:28,354 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionUserManagement
2015-10-20 09:21:28,355 [ZAP-daemon] INFO  ExtensionLoader - Initializing Summarise and analyse FORM and URL parameters as well as cookies
2015-10-20 09:21:28,355 [ZAP-daemon] INFO  ExtensionLoader - Initializing Script integration
2015-10-20 09:21:28,373 [ZAP-daemon] INFO  ExtensionLoader - Initializing Scripting console, supports all JSR 223 scripting languages
2015-10-20 09:21:28,374 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionForcedUser
2015-10-20 09:21:28,375 [ZAP-daemon] INFO  ExtensionLoader - Initializing Extension handling HTTP sessions
2015-10-20 09:21:28,376 [ZAP-daemon] INFO  ExtensionLoader - Initializing Zest is a specialized scripting language from Mozilla specifically designed to be used in security tools
2015-10-20 09:21:28,527 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionDiff
2015-10-20 09:21:28,527 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionRequestPostTableView
2015-10-20 09:21:28,527 [ZAP-daemon] INFO  ExtensionLoader - Initializing Simple browser configuration
2015-10-20 09:21:28,528 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionSessionManagement
2015-10-20 09:21:28,669 [ZAP-daemon] INFO  ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, Http Authentication Session Management]
2015-10-20 09:21:28,670 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionHttpPanelRequestFormTableView
2015-10-20 09:21:28,670 [ZAP-daemon] INFO  ExtensionLoader - Initializing Capture messages from WebSockets with the ability to set breakpoints.
2015-10-20 09:21:28,674 [ZAP-daemon] INFO  ExtensionLoader - Initializing Summarise and analyse FORM and URL parameters as well as cookies
2015-10-20 09:21:28,675 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionAuthorization
2015-10-20 09:21:28,675 [ZAP-daemon] INFO  ExtensionLoader - Initializing AJAX Spider, uses Crawljax
2015-10-20 09:21:28,678 [ZAP-daemon] INFO  ExtensionLoader - Initializing Handles adding Global Excluded URLs
2015-10-20 09:21:28,678 [ZAP-daemon] WARN  ExtensionGlobalExcludeURL - GlobalExcludeURL.optionsLoaded()
2015-10-20 09:21:28,678 [ZAP-daemon] INFO  ExtensionLoader - Initializing Adds menu item to refresh the Sites tree
2015-10-20 09:21:28,678 [ZAP-daemon] INFO  ExtensionLoader - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus.
2015-10-20 09:21:28,678 [ZAP-daemon] INFO  ExtensionLoader - Initializing OWASP ZAP User guide
2015-10-20 09:21:28,679 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionReport
2015-10-20 09:21:28,679 [ZAP-daemon] INFO  ExtensionLoader - Initializing Allows you to configure which extensions are loaded when ZAP starts 
2015-10-20 09:21:28,679 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionHttpPanelComponentonentAll
2015-10-20 09:21:28,679 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionHttpPanelHexView
2015-10-20 09:21:28,679 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionHttpPanelImageView
2015-10-20 09:21:28,680 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionHttpPanelLargeRequestView
2015-10-20 09:21:28,680 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionHttpPanelLargeResponseView
2015-10-20 09:21:28,680 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionHttpPanelRequestQueryCookieTableView
2015-10-20 09:21:28,680 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionHttpPanelSyntaxHighlightTextView
2015-10-20 09:21:28,681 [ZAP-daemon] INFO  ExtensionLoader - Initializing Active Scan Rules
2015-10-20 09:21:28,681 [ZAP-daemon] INFO  ExtensionLoader - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
2015-10-20 09:21:28,682 [ZAP-daemon] INFO  ExtensionLoader - Initializing Translations of the core language files
2015-10-20 09:21:28,682 [ZAP-daemon] INFO  ExtensionLoader - Initializing The Online menu links
2015-10-20 09:21:28,682 [ZAP-daemon] INFO  ExtensionLoader - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
2015-10-20 09:21:28,683 [ZAP-daemon] INFO  ExtensionLoader - Initializing Allows to fuzz HTTP messages.
2015-10-20 09:21:28,684 [ZAP-daemon] INFO  ExtensionLoader - Initializing Tips and Tricks
2015-10-20 09:21:28,684 [ZAP-daemon] INFO  ExtensionLoader - Initializing The ZAP Getting Started Guide
2015-10-20 09:21:28,684 [ZAP-daemon] INFO  ExtensionLoader - Initializing ExtensionSaveRawHttpMessage
2015-10-20 09:21:28,685 [ZAP-daemon] INFO  ExtensionLoader - Initializing Quick Start panel 
2015-10-20 09:21:28,685 [ZAP-daemon] INFO  ExtensionLoader - Initializing Passive Scan Rules
2015-10-20 09:21:49,361 [ZAP-ProxyThread-18] INFO  ExtensionHttpSessions - Added new session token for site 'irmweb:8283': JSESSIONID
2015-10-20 09:21:49,411 [ZAP-ProxyThread-18] INFO  HttpSessionsSite - Created a new session as no match was found: HttpSession [name=Session 0, active=false, tokenValues='']
2015-10-20 09:24:50,374 [ZAP-ProxyThread-34] INFO  ExtensionHttpSessions - Added new session token for site 'prorepprod:8081': JSESSIONID
2015-10-20 09:24:50,384 [ZAP-ProxyThread-34] INFO  HttpSessionsSite - Created a new session as no match was found: HttpSession [name=Session 1, active=false, tokenValues='']

I have simplified the script to the minimum to understand what the problem is.

F5_base.js

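function proxyRequest(msg) {
    // Returning true forwards the request; false drops it.
    return true;
}

function proxyResponse(msg) {
    // Returning true forwards the response; false drops it.
    return true;
}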

After calling the URL, the script status is KO:

Script

enabled: false
error: true
engine: Oracle Nashorn
description: null
name: F5_base
lastError:
type: proxy

Thanks,

Andrea

thc...@gmail.com

Oct 20, 2015, 5:43:12 AM
to zaprox...@googlegroups.com
That script should be running unless the script engine is not available
and from previous information provided that seems to be the case.
The server is using Java 7 which uses "Mozilla Rhino" as the JavaScript
engine.

Try setting the engine to "Mozilla Rhino".
Note though that Rhino and Nashorn are not (strictly) compatible so the
script might not work (or work as intended) without changes.

Best regards.


Andrea Bettio

Oct 20, 2015, 6:49:10 AM
to OWASP ZAP User Group
I have changed the engine to Rhino and I have modified the script: now it works!

Thank you for the support, Simon and thc202.

Have a nice day.

Andrea
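The mismatch diagnosed in this thread (a script configured for "Oracle Nashorn" on a Java 7 JVM, which bundles "Mozilla Rhino") can be spotted from zap.log before a script ends up disabled. The shell code below is an added example, not part of the thread or of ZAP: the function names are hypothetical, the sample log is constructed from the log lines quoted in this thread, and the version mapping assumes only the JavaScript engines bundled with the JDK are present.

```shell
#!/bin/sh
# Added example: compare the engine configured for each ZAP script (as logged
# in zap.log) with the JavaScript engine bundled with the JVM that runs ZAP.

# Map a Java version string ("1.7.0_21", "1.8.0_60", "11.0.2") to the name of
# the JavaScript engine bundled with that JDK, or "none".
bundled_js_engine() {
    ver=$1
    case $ver in
        1.*) major=${ver#1.}; major=${major%%.*} ;;   # legacy "1.N.x" scheme
        *)   major=${ver%%[.+-]*} ;;                  # "N.x.y" scheme (Java 9+)
    esac
    case $major in
        6|7)                echo "Mozilla Rhino" ;;
        8|9|10|11|12|13|14) echo "Oracle Nashorn" ;;
        *)                  echo "none" ;;            # no JavaScript engine bundled
    esac
}

# Read zap.log on stdin; $1 is the Java version reported by zap.sh.
# Prints one line per configured script and returns 1 on any mismatch.
check_script_engines() {
    bundled=$(bundled_js_engine "$1")
    awk -v bundled="$bundled" '
        / Setting config script\.scripts\.name = / {
            line = $0
            sub(/.*script\.scripts\.name = /, "", line)
            sub(/ was .*/, "", line)
            name = line
        }
        / Setting config script\.scripts\.engine = / {
            line = $0
            sub(/.*script\.scripts\.engine = /, "", line)
            sub(/ was .*/, "", line)
            if (line != "Oracle Nashorn" && line != "Mozilla Rhino") {
                print "SKIP " name ": engine \"" line "\" is not a JDK JavaScript engine"
            } else if (line == bundled) {
                print "OK " name ": " line
            } else {
                print "MISMATCH " name ": configured \"" line "\", JVM bundles \"" bundled "\""
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample, modelled on the AbstractParam lines in this thread.
sample_zap_log() {
    cat <<'EOF'
2015-10-20 09:21:24,195 [main ] INFO AbstractParam - Setting config script.scripts.name = F5_base was F5_base
2015-10-20 09:21:24,196 [main ] INFO AbstractParam - Setting config script.scripts.enabled = true was true
2015-10-20 09:21:24,197 [main ] INFO AbstractParam - Setting config script.scripts.engine = Oracle Nashorn was Oracle Nashorn
2015-10-20 09:21:24,197 [main ] INFO AbstractParam - Setting config script.scripts.type = proxy was proxy
EOF
}

# Demo: the Java version zap.sh reported on this server was 1.7.0_21.
sample_zap_log | check_script_engines "1.7.0_21" ||
    echo "Set the script's engine to one this JVM provides, or run ZAP on a matching JVM."
```

Against a real installation, feed the function the actual log, for example `check_script_engines 1.7.0_21 < zap.log`.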

Andrea Bettio

Oct 20, 2015, 9:19:20 AM
to OWASP ZAP User Group
One more question: is it possible to start ZAP as a service? I want the process to keep running continuously after I log out of the machine that runs ZAP.

Thanks,

Andrea

kingthorin+owaspzap

Oct 20, 2015, 1:54:36 PM
to OWASP ZAP User Group

kingthorin+owaspzap

Oct 20, 2015, 1:56:32 PM
to OWASP ZAP User Group
Of course if you actually want to use the GUI for some reason but leave it running you could start in the background with ampersand, or ctrl+z bg, or start it in a "screen" (google gnu screen).